Commit
7ff1c0e3
authored
Dec 01, 2014
by
Dmitriy Zaporozhets
Merge branch 'fix-internal-api' into 'master'
Fix internal api Fixes #1787 See merge request !1280
parents
27077ab2
612b8806
Changes
4
Showing
4 changed files
with
67 additions
and
17 deletions
+67
-17
lib/api/internal.rb
lib/api/internal.rb
+9
-4
lib/gitlab/git_access.rb
lib/gitlab/git_access.rb
+18
-10
spec/lib/gitlab/git_access_spec.rb
spec/lib/gitlab/git_access_spec.rb
+19
-0
spec/requests/api/internal_spec.rb
spec/requests/api/internal_spec.rb
+21
-3
lib/api/internal.rb
...
@@ -33,15 +33,20 @@ module API
...
@@ -33,15 +33,20 @@ module API
end
end
project
=
Project
.
find_with_namespace
(
project_path
)
project
=
Project
.
find_with_namespace
(
project_path
)
return
false
unless
project
unless
project
return
Gitlab
::
GitAccessStatus
.
new
(
false
,
'No such project'
)
end
actor
=
if
params
[
:key_id
]
actor
=
if
params
[
:key_id
]
Key
.
find
(
params
[
:key_id
])
Key
.
find
_by
(
id:
params
[
:key_id
])
elsif
params
[
:user_id
]
elsif
params
[
:user_id
]
User
.
find
(
params
[
:user_id
])
User
.
find
_by
(
id:
params
[
:user_id
])
end
end
return
false
unless
actor
unless
actor
return
Gitlab
::
GitAccessStatus
.
new
(
false
,
'No such user or key'
)
end
access
.
check
(
access
.
check
(
actor
,
actor
,
...
...
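Review bot: The two early returns give distinct denial reasons, `'No such project'` and `'No such user or key'`, and the lib/gitlab/git_access.rb section of this commit returns `"Deploy key not allowed to access this project"` for a project that exists but is not linked to the key. If that message is passed through to the git client (not visible on this page), a key holder can tell a nonexistent project path from an existing private one. Consider returning one generic denial text for these cases, e.g. `Gitlab::GitAccessStatus.new(false, 'Project not found or access denied')`, and logging the specific reason on the server side only. The enclosing route block starts and ends outside the hunk.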
lib/gitlab/git_access.rb
...
@@ -8,15 +8,7 @@ module Gitlab
...
@@ -8,15 +8,7 @@ module Gitlab
def
check
(
actor
,
cmd
,
project
,
changes
=
nil
)
def
check
(
actor
,
cmd
,
project
,
changes
=
nil
)
case
cmd
case
cmd
when
*
DOWNLOAD_COMMANDS
when
*
DOWNLOAD_COMMANDS
if
actor
.
is_a?
User
download_access_check
(
actor
,
project
)
download_access_check
(
actor
,
project
)
elsif
actor
.
is_a?
DeployKey
actor
.
projects
.
include?
(
project
)
elsif
actor
.
is_a?
Key
download_access_check
(
actor
.
user
,
project
)
else
raise
'Wrong actor'
end
when
*
PUSH_COMMANDS
when
*
PUSH_COMMANDS
if
actor
.
is_a?
User
if
actor
.
is_a?
User
push_access_check
(
actor
,
project
,
changes
)
push_access_check
(
actor
,
project
,
changes
)
...
@@ -32,7 +24,23 @@ module Gitlab
...
@@ -32,7 +24,23 @@ module Gitlab
end
end
end
end
def
download_access_check
(
user
,
project
)
def
download_access_check
(
actor
,
project
)
if
actor
.
is_a?
(
User
)
user_download_access_check
(
actor
,
project
)
elsif
actor
.
is_a?
(
DeployKey
)
if
actor
.
projects
.
include?
(
project
)
build_status_object
(
true
)
else
build_status_object
(
false
,
"Deploy key not allowed to access this project"
)
end
elsif
actor
.
is_a?
Key
user_download_access_check
(
actor
.
user
,
project
)
else
raise
'Wrong actor'
end
end
def
user_download_access_check
(
user
,
project
)
if
user
&&
user_allowed?
(
user
)
&&
user
.
can?
(
:download_code
,
project
)
if
user
&&
user_allowed?
(
user
)
&&
user
.
can?
(
:download_code
,
project
)
build_status_object
(
true
)
build_status_object
(
true
)
else
else
...
...
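Review bot: `download_access_check` depends on the order of its `is_a?` branches, and nothing in the method says so. If `DeployKey` is a subclass of `Key` (the class definitions are not part of this page), moving the `Key` branch above the `DeployKey` branch would send deploy keys down the `actor.user` path; a comment such as `# Order matters: test DeployKey before Key so deploy keys are authorised by project link, not via actor.user` would protect against that. The method also mixes `is_a?(User)` and `is_a?(DeployKey)` with the paren-less `is_a? Key`; one call style would read better. `user_download_access_check` continues past the end of the hunk.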
spec/lib/gitlab/git_access_spec.rb
...
@@ -46,6 +46,25 @@ describe Gitlab::GitAccess do
...
@@ -46,6 +46,25 @@ describe Gitlab::GitAccess do
it
{
subject
.
allowed?
.
should
be_false
}
it
{
subject
.
allowed?
.
should
be_false
}
end
end
end
end
describe
'deploy key permissions'
do
let
(
:key
)
{
create
(
:deploy_key
)
}
context
'pull code'
do
context
'allowed'
do
before
{
key
.
projects
<<
project
}
subject
{
access
.
download_access_check
(
key
,
project
)
}
it
{
subject
.
allowed?
.
should
be_true
}
end
context
'denied'
do
subject
{
access
.
download_access_check
(
key
,
project
)
}
it
{
subject
.
allowed?
.
should
be_false
}
end
end
end
end
end
describe
'push_access_check'
do
describe
'push_access_check'
do
...
...
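Review bot: The 'denied' context covers only a deploy key with no projects at all; it does not cover a key linked to a different project, which is the case the `actor.projects.include?(project)` check exists for. Add a context that runs `before { key.projects << create(:project) }` (factory name assumed) and still expects `allowed?` to be false for `download_access_check(key, project)`. Neither context goes through `check` with a download command, so the dispatch from `check` to `download_access_check` for a deploy key is not exercised by these examples.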
spec/requests/api/internal_spec.rb
...
@@ -26,7 +26,7 @@ describe API::API, api: true do
...
@@ -26,7 +26,7 @@ describe API::API, api: true do
end
end
end
end
describe
"
GE
T /internal/allowed"
do
describe
"
POS
T /internal/allowed"
do
context
"access granted"
do
context
"access granted"
do
before
do
before
do
project
.
team
<<
[
user
,
:developer
]
project
.
team
<<
[
user
,
:developer
]
...
@@ -140,7 +140,7 @@ describe API::API, api: true do
...
@@ -140,7 +140,7 @@ describe API::API, api: true do
archive
(
key
,
project
)
archive
(
key
,
project
)
response
.
status
.
should
==
200
response
.
status
.
should
==
200
response
.
body
.
should
==
'true'
JSON
.
parse
(
response
.
body
)[
"status"
].
should
be_true
end
end
end
end
...
@@ -149,9 +149,27 @@ describe API::API, api: true do
...
@@ -149,9 +149,27 @@ describe API::API, api: true do
archive
(
key
,
project
)
archive
(
key
,
project
)
response
.
status
.
should
==
200
response
.
status
.
should
==
200
response
.
body
.
should
==
'false'
JSON
.
parse
(
response
.
body
)[
"status"
].
should
be_false
end
end
end
context
'project does not exist'
do
it
do
pull
(
key
,
OpenStruct
.
new
(
path_with_namespace:
'gitlab/notexists'
))
response
.
status
.
should
==
200
JSON
.
parse
(
response
.
body
)[
"status"
].
should
be_false
end
end
end
end
context
'user does not exist'
do
it
do
pull
(
OpenStruct
.
new
(
id:
0
),
project
)
response
.
status
.
should
==
200
JSON
.
parse
(
response
.
body
)[
"status"
].
should
be_false
end
end
end
end
end
...
...
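Review bot: The 'user does not exist' context calls `pull(OpenStruct.new(id: 0), project)`, while the other calls in this file pass a key as the first argument to `pull`, so this case probably sends a key id of 0 and exercises the missing-key lookup rather than `User.find_by(id: params[:user_id])`. The helper is defined outside the hunk, so this is inferred. Either rename the context to 'key does not exist' or add a request that posts `user_id` with an unknown id. Both new contexts assert only that `status` is false; also asserting the returned message, assuming the JSON body carries it, would pin which denial path was hit.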